Sunday, January 25, 2009

Massive exploitation of vulnerabilities through servers ghosts

The number of chinese domains who daily are used to exploit vulnerabilities on computers of people who access the web pages designed with malicious purposes, it is really important.

These servers hosting pages containing exploits weaknesses for different Microsoft Windows operating systems and some other applications. Currently being used on a massive scale for the spread of malicious code.

According ThreatExpert, China along with Russia make up the two countries with the highest rate of spread of threats.
Domains below are housed in server farms, and many ghosts are active, it is suggested to be cautious if they want access. The aim to make these domains is purely investigative and informative, and considered useful for blocking malicious URLs.

*.705sese cn (59.34.197.15) contains exploits for MS06-014, MS08-067, StormPlayer, RealPlayer running from /a2/fxx.htm and download the binary al.css exploiting vulnerability in a timely MS08-067.
*.S350-d.bc cn (58.253.68.65) binary download gr.exe (MD5: abd5bcb105dd982ae0b9c1f8c66bc07c).
*.yandex2 cn (193.138.172.5) binary download load.exe (MD5: 2ce6d3c0f526f96b32db8cef06921ffc) from /load.php?spl&id=21=5.
*. metago cn (193.138.172.5)
*.copy-past cn (195.242.161.24) contains exploit.
*.whitebiz cn (91.211.64.155) binary download load.exe (MD5: d7d03b7ea57ecaf008350a4215f8e2bc) from /service/load.php.

*.winesamile cn
*.bigsellstaff cn
*.cntotalizator cn

*.fiesta-tests com

*.fresh-best-movies cn

*.helinking cn

*.ns2.oxdnski cn

*.onlinestat cn

*.trafiks cn
*.783456788839 cn (195.190.13.106) trojan download from /load.php?spl=zango1.
*.234273849543 cn
*.384756783900 cn

*.109438129432 cn

*.sinakis cn (91.211.64.89) malware download from /baner/load.php?id=187&spl=4.
*.nohtingherez cn
(217.20.112.96) binary download adv111.exe (MD5: 4adc9c50005c301db9af13f8467801f7).
*.o6ls cn (91.203.4.137) malware download from /load.php?id=3459&spl=4.

# Jorge Mieres

No comments: